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(57) ABSTRACT 

In a data processing system comprising a host system and a 
memory device including a data storage medium of a 
predetermined size and corresponding capacity, a secure 
method of managing available capacity of the storage 
medium by: maintaining an authentication list comprising a 
plurality of entries including information uniquely identify- 
ing a plurality of memory devices; selecting a section of said 
data storage medium for data storage, said section having a 
size representing the available capacity of the memory 
device; and maintaining identification information in the 
memory device uniquely identifying the memory device. 
Further, in response to receipt in the host system of a request 
for changing the available capacity of the memory device: 
obtaining information from said memory device including 
said identifying information; searching said list to find an 
entry including identification information matching that 
obtained from the memory device to authorize said change; 
and if a match is found, then: generating a change command 
for directing the memory device to change said available 
capacity; sending the change command to the memory 
device; and the memory device executing said change 
command by steps including changing the size of said 
section. 

32 Claims, 5 Drawing Sheets 
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STORAGE DEVICE CAPACITY 
MANAGEMENT 

FIELD OF THE INVENTION 

The present invention relates generally to managing 
memory device capacity and, more particularly, to managing 
disk drive capacity by secure methods. 

BACKGROUND 

A typical data disk drive includes at least one data disk 
where virtually the entire capacity of the data disk is 
available for data storage. A small portion of the data disk is 
set aside as a system area for storing system related infor- 
mation. The data disk is configured by the factory or by an 
OEM to exclude the system area from general access. As 
such, the system area remains "locked" or unavailable for 
storing user data. 

Managing or changing the available capacity of such a 
disk drive after the disk drive has been placed in service in 
a data processing system requires reconfiguration of the disk 
drive to "unlock** the system area. Reconfiguration is per- 
formed by the OEM, or by an end user, by performing a 
series of steps commanding the disk drive to, for example, 
make at least a portion of the system area available for 
limited access. However, the capacity unlocked is a small 
fraction of the native capacity of the hard disk, and the user 
virtually does not gain any additional useable storage capac- 
ity from the hard disk 

Further, due to the minimal amount of hard disk capacity 
unlocked, there has not been a need for robust security 
methods to prevent widespread unauthorized reconfigura- 
tion of the disk drive and use of the system area. As such, 
existing security methods are not suited to deter prohibited 
access to protected areas on the data disk or to prevent illegal 
reconfiguration of the hard disk drive. 

With the increasing capacity offered by data disk drives 
and other memory devices, it is highly desirable to securely 
manage the amount of the available capacity to enable 
commercial models such as "fee for use". There is, 
therefore, a need for a system and a method of managing the 
available capacity of disk drives and memory devices while 
in service in various data processing systems. There is also 
a need for such a system and method to provide an efficient 
and robust security process for preventing unauthorized use 
of said available capacity. 

SUMMARY 

The present inveotion satisfies these needs. In one 
embodiment, the present invention provides a method of 
securely managing available storage capacity of a memory 
device in a data processing system comprising a host system 
and said memory device. The memory device, such as a data 
disk drive, includes a data storage medium of a predeter- 
mined size and corresponding capacity. A secure method of 
managing the available capacity of the storage medium, 
according to the present invention, comprises the steps of: 
(a) mamuining an authentication list comprising a plurality 
of entries including information uniquely identifying a plu- 
rality of memory devices such as the disk drive; (b) selecting 
a section of said data storage medium for data storage, said 
section having a size representing the available capacity of 
the memory device; (c) maintaining identification informa- 
tion in the memory device uniquely identifying the memory 
device; and (d) in response to receipt in the host system of 
a request for changing the available capacity of the memory 
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device, performing steps including: (1) obtaining informa- 
tion from said memory device including said identifying 
information; and (2) searching said list to find an entry 
including identification information matching that obtained 

5 from the memory device to authorize said change. If a match 
is found, then: (1) generating a change command for direct- 
ing the memory device to change said available capacity; (2) 
sending the change command to the memory device; and (3) 
the memory device executing said change command by 

1Q steps including changing the size of said section. 

The step of obtaining the identification information from 
the memory device includes: (1) sending an inquiry com- 
mand to the memory device requesting said unique identi- 
fication information, and (2) the memory device providing 

15 said identification information stored therein in response. 
Preferably, the step of providing said unique identification 
information includes encoding said identification informa- 
tion; and the step of finding a match in the authentication list 
further includes: (1) decoding the encoded identification 

20 information; and (2) comparing the decoded identification 
information with the identification information in the 
authentication list. 

Further, preferably the step of generating the change 
command includes: (1) encoding the matching identification 

25 information found in the authentication list; and (2) incor- 
porating the encoded identification information in the 
change command. Further, the step of executing the change 
command includes: (1) decoding the encoded identification 
information in the change command; (2) comparing the 

30 decoded identification information with the identification 
information in the memory device; and (3) if there is a match 
then changing the size of said section. 

In another embodiment, the data processing system fur- 
ther comprises a remote host system, and the method of 

35 present invention comprises the steps of: (a) maintaining an 
authentication fist in the remote host system, the list com- 
prising a plurality of entries including information uniquely 
identifying a plurality of memory devices; (b) selecting a 
section of the storage medium for data storage, said section 

40 having a size representing the available capacity of the 
memory device; (c) maintaining identification information 
in the memory device uniquely identifying the memory 
device; and (d) in response to receipt in the local host system 
of a request for changing the available capacity of the 

45 memory device: (1) obtaining information from said 
memory device including said identifying information; (2) 
sending the obtained identification information to the remote 
host system; and (3) searching said list in the remote host 
system to find an entry including identification information 

50 matching that obtained from the memory device to authorize 
said change. If a match is found, then: (1) generating a 
change command in the local host system for directing the 
memory device to change said available capacity; (2) send- 
ing the change command to the memory device; and (3) the 

55 memory device executing said change command by chang- 
ing the size of said section. 

In another aspect, the present invention also provides a 
capacity control system for securely managing available 
storage capacity of said memory device in a data processing 

60 system. In one embodiment, the capacity control system 
comprises: (a) an authentication list comprising a plurality 
of entries including information uniquely identifying a plu- 
rality of memory devices; and (b) a host system configured 
by program instructions to perform steps including: in 

65 response to receipt in the host system of a request for 
changing the available capacity of the memory device: (1) 
sending an identification inquiry command to the memory 
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device requesting said unique identification information; (2) and (2) in response to a change command, executing steps 

searching said list to find an entry including identification including changing the size of said section of the data 

information matching that obtained from the memory device storage medium, 
to authorize said change; and (3) if a match is found, then: 

generating a change command for directing the memory 5 DRAWINGS 
device to change said available capacity; and sending the 

change command to the memory device. These and other features, aspects and advantages of the 
The capacity control system further comprises a logic present invention will become better understood with regard 
circuit in the memory device configured by program instruc- to the following description, appended claims and acco na- 
tions to perform steps including: in response to an identifi- 10 panying drawings where: 

cation inquiry command, providing said identification infor- FIG. 1 shows a block diagram of an example data 

mation stored in the memory device; and in response to a processing system architecture in which the present inven- 

change command, executing steps including changing the tion can be implemented; 

size of said section of the data storage medium. Preferably, FIG. 2 shows an embodiment of a method of managing 

the logic circuit program instructions for providing said 15 available capacity of the disk drive of FIG. 1, according to 

unique identification information include program instruc- the present invention; 

dons for encoding said identification information; and the FIG. 3 illustrates ' a representation of partitioning the 
host system program mstmcuons for finding a match m the u of the ^ disk of FIG j according to me present 
authentication list further include program instructions tor invention- 
decoding the encoded identification information, and com- 0f1 /.„ 

paring the decoded identification information with the iden- ™*\ 4 lUust J ates a presentation of an authentication list 

tification information in the authentication list. according to the present invention; 

Preferably, the host system program instructions for gen- FIG - 5 a biock diagram of an embodiment of a 

erating the change command include program instructions capacity management system according to the present inven- 

for encoding the matching identification information found 25 tl0n * 

in the authentication list; and incorporating the encoded FIG. 6 shows a block diagram of an embodiment of the 

identification information in the change command. Further, remote host system of the capacity management system of 

the logic circuit program instructions for executing the FIG. 5; 

change command include program instructions for: decod- FIG. 7 shows another embodiment of a method of man- 
ing the encoded identification information in the change 30 aging available capacity of the disk drive of FIG. 5, accord- 
command; comparing the decoded identification informa- ing to the present invention; 

tion with the identification information in the memory F[G g shows a flowcnart 0 f ^ stcps 0 f ^ example 

device; and if there is a match, then changing the size of said implementation of the method of present invention for 

section of the data storage medium. configuring the capacity management system of FIG. 5; and 

Yet in another aspect, the . present invention also provides 35 FIG 9 shows a block ^ of a 

a capacity control system for securely managing available ^ chl6ing a logic circuit cormgU red by program instructions 

storage capacity of said memory device in a data processing t0 tne t invention as interconnected to disk 

system, wherein the capacity control system comprises a ddve componenls 
remote host system configured by program instructions to 

perform steps including: (1) maintaining an authentication 40 DESCRIPTION 
fist therein comprising a plurality of entries including infor- 
mation uniquely identifying a plurality of memory devices; FIG. 1 shows a block diagram of an example data 
(2) upon receiving an authentication request for authenti- processing system 10 in which a method embodying aspects 
eating identification information of a memory device, of the present invention can be implemented. The data 
searching said list to find an entry containing identification 45 processing system 10 typically includes a local host system 
information matching that requested; and (3) if a match is 15 and a memory device, such as a data disk drive 20, 
found, providing validation information in response to said interconnected as shown. The disk drive 20 comprises a 
request, otherwise providing rejection information in storage medium such a data disk 25 having a size and 
response to said request. corresponding capacity, and a disk controller 30 for inter- 
Trie capacity control system further comprises a local host 50 facing with the host system 15 and controlling disk drive 
system configured by program instructions to perform steps operations. As those skilled in the art will recognize, the 
including: in response to receipt in the local host system of present invention is capable of being implemented in data 
a request for changing the available capacity of the memory processing systems having other memory and storage 
device: (1) sending an identification inquiry command to the devices. Additionally, the local host 15 generally refers to a 
memory device requesting said unique identification infor- 55 nost ^th a SCSI interface, which one skilled in the art will 
mation; (2) sending an authentication request command to recognize to include, for example, a CPU 40 interconnected 
the remote host with the identification information obtained v ia a BUS 45 to a ROM 50, a RAM 55, a user interface 60, 
from the memory device to authorize said change; and (3) a communication interface 65 for communicating with other 
upon receiving validation information from the remote host host systems, and a SCSI interface 70. Although in the 
performing steps including: (i) generating a change com- 60 example embodiment described herein a SCSI interface is 
mand for directing the memory device to change said described, other interfaces such as IDE/ATA and 1394 
available capacity; and (ii) sending the change command to (Firewire) can also be used. The present invention can also 
the memory device. The capacity control system further be utilized in a data processing system having a plurality of 
comprises a logic circuit in the memory device configured local hosts 15 and data disk drives 20. 
by program instructions to perform steps including: (1) in 65 Referring to FIGS. 2-4, in an embodiment of the method 
response to an identification inquiry command, providing of the present invention, verification information 75 is stored 
said identification information stored in the memory device; in the disk drive 20, including identification information 
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uniquely identify the disk drive 20 (step 80). The data disk link 170. As shown in FIG. 6, the remote host system 165 

25 is partitioned into an open section 85 and at least one comprises a CPU 175 interconnected via a BUS 180 to a 

protected, or locked, section 90 as shown in FIG. 3 (step 95). ROM 185, a RAM 190, a user interface 195, a communi- 

When the disk drive 20 is initially integrated into the data cation interface 200 for communicating with other host 

processing system 10, the open section 85 is available for 5 systems such as the local host system 15, and a data storage 

data storage, while the protected section 90 remains locked 205. 

and unavailable. The open section 85 represents the initial The remote host system 165, the local host system 15 and 

capacity of the disk drive 20 available for data storage. As the disk controller 30 are configured by program instructions 

shown in FIG. 4, an authentication list 100 is utilized to according to an embodiment of the method of the present 

enable changing or managing the capacity of the disk drive 1Q invention including the steps shown in FIG. 7. The remote 

securely (step 105). The authentication list 100 comprises a host system 165 maintains the authentication list 100 and 

plurality of entries 110 including memory device identifi- performs functional operations on the list 100 (step 210). In 

cation information 115 uniquely identifying a plurality response to receipt of a request in the local host system 15 

memory devices such as the data disk drive 20. for changing the available capacity of the disk drive 20 (step 

Referring back to FIG. 2, managing the available capacity 15 215), the local host system 15 obtains information from the 
of the disk drive 20 in response to receipt of a request in the disk drive 20 including said identifying information 75 and ■ 
local host system 15 for changing the capacity of the disk sends the obtained identification information 75 to the 
drive 20 (step 120), includes the steps of: obtaining verifi- remote host system 165 (step 220). The remote host system 
cation information from said disk drive 20 including said 165 searches said list 100 to find an entry 110 including 
disk identifying information 75 (step 125); and searching 2 o device identification information 115 matching the identifi- 
said list 100 to find an entry 110 including device identifi- cation information 75 obtained from the disk drive 20 to 
cation information 115 matching the disk information 75 authorize said change and communicates the search results 
obtained from the disk drive 20 to authorize said change to the local host system 15 (step 225). If a match is found 
(step 130). If a match is found (step 135), then: generating (step 230), then the local host system 15 generates a change 
a change command for directing the disk drive 20 to change command for directing the disk drive 20 to change said 
said available capacity (step 140); sending the change com- available capacity (step 235), and sends the change com- 
mand to the disk drive 20 (step 145); and the disk drive 20 mand to the disk drive 20 (step 240). The disk drive 20 
executing said change command by steps including chang- executes the change command by changing the size of said 
ing the size of said open section 85 (step 150). Otherwise, if open section 85 (step 245). If a match is not found in step 
a match is not found in step 135, the size of the open section 30 230, the disk capacity remains unchanged (step 247). 
85 is not changed (step 155). FIG. 8 shows a flowchart of an example implementation 

The step 125 of obtaining the identification information of the above method as program instructions for configuring 

from the disk drive 20 includes: (a) sending an inquiry the capacity control system 160. The remote host system 165 

command to the disk drive 20 requesting said unique iden- is configured as an Internet website utility and maintains the 

tification information 75; and (b) the disk drive 20 providing 35 authentication list 100 and user related information in a 

said identification information 75 stored therein in response. database in the data storage 205 therein. The local host 

Preferably, the step of providing said unique identification system 15 comprises a personal computer system intercon- 

information 75 further includes encoding said identification nected to the remote host system 165 via the network 

information 75; and the step 130 of finding a match in the communication link 170. The local host system 15 accesses 

authentication list 100 further includes: (a) decoding the 40 the remote host system 165 via a modem interconnected to 

encoded identification information; and (b) comparing the the remote host system 165 via the communication link 170 

decoded identification information with the device identifi- such as telephone lines. The local host system 15 utilizes 

cation information 115 in the authentication list 100 to find said disk drive 20 for data storage. 

a match. In an example operation scenario, a user customer utilizes 

Further, preferably the step 140 of generating the change 45 the user interface 60 in the local host system 15 to launch a 

command further includes: (a) encoding the matching iden- utility program for expanding the available capacity of the 

tification information 115 found in the authentication list disk drive 20 (step 250). The local host utility program 

110; and (b) incorporating the encoded identification infor- obtains customer data, such as purchase information, from 

mation in the change command. And, the step 150 of the customer (step 255). The local host utility then generates 

executing the change command further includes: (a) decod- 50 and sends a Get Key command to the disk controller 30 to 

ing the encoded identification information in the change obtain the disk drive identification information 75 (step 

command; (b) comparing the decoded identification infor- 260). The disk drive 20, under direction of firmware in the 

mation with the identification information 75 in the disk disk controller 30: (a) obtains identification information 75 

drive 20; (c) and if there is a match, then changing the size stored therein including a unique serial number and part of 

of said open section 85. 55 a date code SI (step 265); (b) encodes or scrambles the serial 

In another aspect, the method of the present invention is number using the date code SI as a seed (step 270), and (c) 

implemented as program instructions to configure a data returns the scrambled serial number SN1 and the seed SI to 

processing system to form a capacity control system for the local host utility (step 275). The local host utility then 

securely managing the available storage capacity of a appends the customer data to the identification information 

memory device such as the disk drive 20. Referring to FIG. 60 75 (step 280); and establishes a connection with the remote 

5, in one embodiment, a capacity control system 160 accord- host system 165 via an Internet connection and transmits the 

ing to the present invention includes the aforementioned scrambled serial number SN1, the seed SI and customer data 

disk drive controller 30 and local host system 15 configured to the remote host system 165 (step 285). 

by program instructions to perform the steps of the method The remote host website utility program searches the 

of the present invention. The capacity control system 160 65 authentication list 100 in the data base for the customer 

can further include a remote host system 165 interconnected information to validate purchase of the disk drive 20 by the 

to the local host system 15 via a network communication customer (step 290). If the purchase is validated, the website 
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utility decodes the scrambled serial number SN1 using the Preferably, the disk drive 20 stores therein an indication 

seed SI (step 295), and then checks the device information of the changed available capacity. Such indication can be 

115 in the entries 110 of the authentication list 100 to find a stored in a configuration page on the data disk 25 for access 

match for the decoded serial number (step 300). If the serial by the disk controller 30. In that case, the encrypted SN2 and 

number is found, then the website utility: (a) scrambles the 5 S2 information can be stored in the configuration page to 

serial number using a random seed RS to generate an prevent an unauthorized change in the configuration page 

encoded serial number SN2, and scrambles the random seed information. Further, after a power cycle, the disk controller 

RS using the seed SI to generate an encoded seed S2 (step 30 can re-check said stored information by methods dis- 

305), and (b) returns the scrambled serial number SN2 and cussed above to determine unlocked capacity, 

the encoded random seed S2 to the local host system (step Though in the above example scenario, the available 

310). Otherwise, the website utility system returns a bad capacity of ^ drive 20 is increased or unlocked, the 

status to the local host system 15. present mvenuon ^ cont e m plates decreasing or locking 

If the local host system 15 receives a bad status from the available capacity of the disk drive 20. In that case using the 

remote host system 165 the local host uulity informs the above measures for lodd ci fe ional Iq 

user of such and ends the procedure (step 315) otherwise, Qne embodiment the user launches ^ m { ock £ m 

the local host utility generates and sends an Unlock com- in the local host 15 wilhom usin decodi inf ^ a . 

mand with encoded serial number SN2 and random seed S2 . , ~ VT ~ , M A „ * , , , 

to the disk drive controller 30 (step 320). The disk controller Uon such as and S2. Alternatively, the unlock utility 

30 decodes the encoded random seed S2 using the seed SI P^gram can be launched in the local host system 15 by a 

therein (step 325), and then decodes the encoded serial command from the remote host system 165 via the commu- 

numberSN2 using the decoded random seed (step 330). The 20 nication link 170. The local host utility generates a Lock 

disk controller 30 then compares the decoded serial number command and sends the Lock command to the disk control- 

with the serial number stored in the disk drive 20 (step 335). ler 30 with an indication of the amount of the capacity to be 

If a match is found, the disk controller 30 increases the locked. The disk controller 30 executes the Lock command 

available capacity of the disk drive 20 by unlocking the by decreasing me size of me open section 85 by the indicated 

protected section 90 of the data disk 25, and returns good 25 amount 

status to the local host system 15 (step 340). If a match is not In another aspect, the method of the present invention 

found in step 335, the disk controller 30 returns bad status allows unlocking the capacity of the disk drive 20 for a 

to the local host system 15. The local host utility then limited time period T such as hours or days. In that case, the 

informs the user of the returned status (step 345). Unlocking time period T is provided either by the customer, or by the 

the protected section 90 includes increasing the size of the 30 remote host system 165, and sent to the disk drive 20 by the 

open section 85 by a predetermined amount or by a value local host 15 as an additional scrambled argument to the 

specified by the customer or in the authentication list 100. Unlock command described above. The disk controller 30 

Therefore, according to the above embodiment of the then unscrambles the time period T and utilizes it in an 

present invention, information exchange and authentication internal timer to inform the disk controller 30 to relock the 

is initiated and managed by the local host system 15 between 35 unlocked capacity when the time period T has expired. The 

the disk drive 20 and the remote host system 165. Serial disk controller 30 also re-scrambles the time period T value 

number encryption and validation occur only in the disk for storage in said configuration page. At subsequent power 

drive 20 and at the remote host system 165. The local host up, the disk controller 30 retrieves the time period T from the 

system 15 serves only as a conduit for the 'encrypted serial configuration page and compares it against a current timer 

number making unauthorized deciphering of the serial num- 40 value Y If the timer value Y is less than the time period T, 

ber very difficult. Although the disk drive serial number is and the stored SN2 value is valid, then the unlocked capacity 

stored in the disk drive 20 to uniquely identify the disk drive remains available. Otherwise, if the timer value Y is greater 

20, other unique identifying information can also be utilized. than or equal to the time period T, or the stored SN2 value 

Encrypting the disk drive's unique serial number allows the is invalid, then the unlocked capacity is re-locked and the 

encryption/decryption methods common for different disk 45 corresponding configuration page values are updated. The 

drives 20 utilized in corresponding local host systems 15 disk controller 30 relocks the unlocked capacity according to 

such a personal computers, for example. As such, the the aforementioned locking procedure. • 

method of the present invention, can be utilizes simply and i n implementation, an encoder operator S(a,b) utilizes 

efficiently to securely manage the capacity of multiple disk parameter a as the value to be encoded and parameter b as 

drives 20 each with a unique serial number stored therein. 50 an encoding seed. A decoding operator IS(c,d) utilizes 

The encoding and decoding procedures described above can parameter c as the value to be decoded and parameter d as 

be selected from existing encryption protocols which utilize a decoding seed. The operators S and IS are applied to the 

a seed for encoding and decoding. aforementioned example, where the seed values b and d are 

Although in the above example, the authentication list dropped from the notation as being implied. The decoded 

100 is maintained in the remote host system 165, and the 55 value SN2 is obtained from the decoding operator IS(SN2, 

local host system 15 exchanges information with the remote IS(S2)), and the decoded value T is obtained from the 

host system 165 via the communication link 170 to authorize decoding operator IS(T). If the decoded SN2 does not match 

the disk drive capacity change, other means of obtaining the serial number stored in the disk drive, then the disk drive 

authorization from the remote host system 165 are also capacity is not unlocked. If the decoded SN2 matches the 

possible and contemplated by the present invention. For 60 serial number stored in the disk drive, then the disk drive 

example, the user can place a telephone call to operators at capacity is unlocked depending on the decoded value of T as 

the disk drive's manufacturer and provide the user's infor- follows. If decoded value of T is 0, then the user has 

mation to the operators. The operators then check the purchased the disk drive, whereby the disk drive capacity is 

authentication list 100 stored in the remote host 165, and unlocked for general use, and the values of S2 and decoded 

upon validating the user information, provide the user with 65 SN2 and T are stored in the hard disk drive configuration 

information for the local host system 15 to direct the disk page. If the decoded value of T is, for example, greater than 

drive 20 to change said available capacity. 29 days then the user has rented the disk drive capacity, 
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whereby the disk drive capacity if unlocked for the specified Referring to FIG. 9, preferably, the disk controller 30 

time period. If the decoded value of T is, for example, comprises a logic circuit 350, configured by the program 

greater than 1 day, but less than 29 days, than the user has instructions described above. The logic circuit 350 can be an 

purchased a record-once and play-once capacity, whereby Application Specific Integrated Circuit (ASIC). An ASIC is 

the disk drive capacity is unlocked, desired data is stored 5 a device designed to perform a specific function as opposed 

thereon one, and then read only once. to a device such 85 a microprocessor which can be pro- 

, . grammed to performed a variety of functions. The circuitry 

An example of encodmg and decoding protocol imple- for making the chip program mable is eliminated and only 

mented as a cipher/decipher engine is described herein. In ^ ose logic mncl i 0 ns needed for a particular application are 

cipher mode the engine encodes the serial number in the disk incorporated. As a result, the ASIC has a lower unit cost and 

drive and in decipher mode the engine decodes the serial "> n i gner performance since the logic is implemented directly 

number. The engine uses four digits of the serial number and in a chip rather than using an instruction set requiring 

a 3-bit seed ci for cipher. In cipher mode the engine uses a multiple clock cycles to execute. An ASIC is typically 

cipher function represented by the relation y„-x„+(y M _ 2 +y„_ fabricated using CMOS technology with custom, standard 

3), wherein: (1) n is a digit index, (2) the binary value x„ cell, physical placement of logic (PPL), gate array, or field 

represents the nth digit of an input value, such as the disk 15 programmable gate array (FPGA) design methods, 

serial number, to be decoded, and (3) the binary value y n The disk controller 30 can further include a memory 

represents the nth digit of an encoded output value y. In device 355, a local microprocessor 360 and a ROM 365, 

decipher mode the engine uses a decipher function repre- interconnected to the controller logic circuit 350 as shown in 

sented by the relation z„=y„+{y n 2 +y„_ 3 ), y„ represents the FIG - 9 - Typically, the ROM 365 includes data and program 

nth digit of the encoded value y to be decoded, the binary 20 instructions for the microprocessor 360 to interact with a 

value ^ represents the nth digit of the decoded value z. spin^e motor controller and a voice coil motor controller in 

_ t " „ . , , , - . o me disk drive 20, and to oversee transfer of data between the 

In the following example, the disk drive firmware uses local host 15 and tbe data ^ 25 ^ h ^ me 

binary value 110 as the seed ci to encode four digits of the device 355> ^ memory dev i C e 360 can include a data 

serial number, decimal 9546. The encoded value is hexa- tmff er f or storing data into and retrieving data from the data 

decimal CDE7, and the seed ci is transmitted with the 25 disk 25. The logic circuit 350, the memory device 355, the 

encoded serial number from the disk drive firmware to the ROM 365 or the data disk 25 can be used to store and 

local host utility. maintain the aforementioned unique identifying information 

Cipher Mode 75 including the serial number and date code. 



n 15 14 13 12 11 10 9 8 7 6 5 4 3 2 

1 0 -1-2 -3 

x decimal 9 5 4 6 

binary 1001 0101 0100 0110 

y binary 1100 1101 1110 0111 110 

hex. C D E 7 I I 



In decipher mode below the remote host system utilizes 
an identical cipher/decipher engine to decode the encoded 
serial number CDE7 according to the decipher relation 
z n =v n + (yn-2 + y w -3) described above, to obtain the decoded 
value z representing the aforementioned four digits of the 
serial number 9546. 
Decipher Mode 



Although the present invention has been described in 
considerable detail with regard to the preferred versions 
thereof, other versions are possible. For example, instead of 
the disk drive 20, other memory and storage devices such as 
tape cartridges and removable recordable disk drives are 
also contemplated by the present invention. Therefore, the 
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Other encoding and decoding protocols known to those 
skilled in the art are also possible and contemplated by the 
present invention. 

The program instructions can be implemented in a high 
level programming language such as C, Pascal, etc. which is 50 
then compiled into object code and linked with object 
libraries as necessary to generate executable code for the 
local host system 15 and the remote host system 165. The 
program instructions can also be implemented in assembly 
language which is then assembled into object code and 65 
linked with object libraries as necessary to generate execut- 
able code. 



appended claims should not be limited to the descriptions of 
the preferred versions contained herein. 
What is claimed is: 

1. In a data processing system comprising a host system 
and a memory device including a data storage medium of a 
predetermined size and corresponding capacity, a secure 
method of managing available capacity of the storage 
medium, comprising tbe steps of: 

(a) maintaining an authentication list comprising a plu- 
rality of entries containing information including infor- 
mation uniquely identifying a plurality of memory 
devices; 
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(b) selecting a section of said data storage medium for 
data storage, said section having a size representing the 
available capacity of the memory device; 

(c) maintaining verification information in the memory 
device including information uniquely identifying the 
memory device; and 

(d) in response to receipt in the host system of a request 
for changing the available capacity of the memory 
device: 

(1) obtaining verification information including said 
identifying information from said memory device; 

(2) searching said list to find an entry including iden- 
tification information matching that obtained from 
the memory device to authorize said change; and 

(3) if a match is found, then: (i) generating a change 
command for directing the memory device to change 
said available capacity; (ii) sending the change com- 
mand to the memory device; and (iii) the memory 
device executing said change command by steps 
including changing the size of said section. 

2. The method of claim 1, wherein the step of obtaining 
the verification information from the memory device 
includes: (i) sending an inquiry command to the memory 
device requesting said verification information, and (ii) the 
memory device providing said verification information 
including said unique identifying information stored therein 
in response. 

3. The method of claim 2, wherein: 

(a) the step of providing said verification information 
includes encoding said verification information; and 

(b) the step of finding a match in the authentication list 
further includes: 

(1) decoding the encoded verification information; and 

(2) comparing the decoded verification information 
with the information in the authentication list entries. 

4. The method of claim 3, wherein: 

(a) the step of generating the change command includes: 

(1) encoding the matching information including the 
identification information found in the authentication 
list; and 

(2) incorporating said encoded information in the 
change command; and 

(b) the step of executing the change command includes: 

(1) decoding the encoded information in the change 
command; 

(2) comparing the decoded information with the veri- 
fication information in the memory device; and 

(3) if there is a match then changing the size of said 
section. 

5. The method of claim 1, wherein the memory device 
comprises a data disk drive and the storage medium com- 
prises a data disk. 

6. The method of claim 5, wherein the step of changing 
the size of said section includes increasing the size of said 55 
section, thereby increasing the available capacity of the data 
disk drive for data storage. 

7. The method of claim 5, wherein the step of changing 
the size of said section includes decreasing the size of said 
section, thereby decreasing the available capacity of the data 60 
disk drive for data storage. 

8. The- method of claim 1, wherein the memory device 
comprises a tape cartridge and the storage medium com- 
prises a tape. 

9. A capacity control system for securely managing avail- 
able storage capacity of a memory device in a data process- 
ing system, the memory device including a data storage 



medium having a preselected section of a size representing 
the available capacity of the memory device, and verification 
information, including identification information uniquely 
identifying the memory device, stored in the memory 
device, the capacity control system comprising: 

(a) an authentication list comprising a plurality of entries 
containing information including information uniquely 
identifying a plurality of memory devices; 

(b) a host system configured by program instructions to 
performs steps including: 

in response to receipt in the host system of a request for 
changing the available capacity of the memory 
device: 

(1) sending an identification inquiry command to the 
memory device requesting verification informa- 
tion including said unique identification informa- 
tion; 

(2) searching said list to find an entry including 
identification information matching that obtained 
from the memory device to authorize said change; 
and 

(3) if a match is found, then: (i) generating a change 
command for directing the memory device to 
change said available capacity; and (ii) sending 
the change command to the memory device; and 

(c) a logic circuit in the memory device configured by 
program instructions to perform steps including: 

(i) in response to an identification inquiry command, 
providing said verification information including 
said identification information stored in the memory 
device; and 

(ii) in response to a change command, executing steps 
including changing the size of said section of the 
data storage medium. 

10. The capacity control system of claim 9, wherein: 

(a) the logic circuit program instructions for providing 
said verification information includes program instruc- 
tions for encoding said verification information; and 

(b) the host system program instructions for finding a 
match in the authentication fist further include program 
instructions for: 

(1) decoding the encoded verification information, and 

(2) comparing the decoded verification information 
with the information in the authentication list entries. 

11. The capacity control system of claim 10, wherem: 

(a) the host system program instructions for generating 
the change command include program instructions for: 

(1) encoding the matching information found in the 
authentication list; and 

(2) incorporating the encoded information in the 
change command; and 

(b) the logic circuit program instructions for executing the 
change command include program instructions for: 

(1) decoding the encoded information in the change 
command; 

(2) comparing the decoded information with the veri- 
fication information in the memory device; and 

(3) if there is a match then changing the size of said 
section of the data storage medium. 

12. The capacity control system of claim 9, wherein the 
memory device comprises a data disk drive and the storage 
medium comprises a data disk. 

13. The capacity control system of claim 12, wherein 
65 changing the size of said section includes increasing the size 

of said section, thereby increasing the available capacity of 
the data disk drive for data storage. 
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14. The capacity control system of claim 12, wherein 
changing the size of said section includes decreasing the size 
of said section, thereby decreasing the available capacity of 
the data disk drive for data storage. 

15. The capacity control system of claim 9, wherein the 
memory device comprises a tape cartridge and the storage 
medium comprises a tape. 

16. In a data processing system comprising a remote host 
system, a local host system and a memory device including 
a data storage medium of a predetermined size and corre- 
sponding capacity, a secure method of managing available 
capacity of the storage medium, comprising the steps of: 

(a) maintaining an authentication list in the remote host 
system, the list comprising a plurality of entries con- 
taining information including information uniquely 
identifying a plurality of memory devices; 

(b) selecting a section of the storage medium for data 
storage, said section having a size representing the 
available capacity of the memory device; 

(c) maintaining verification information in the memory 
device including identification information uniquely 
identifying the memory device, 

(d) in response to receipt in the local host system of a 
request for changing the available capacity of the 
memory device: 

(1) obtaining verification information including said 
identifying information from said memory device; 

(2) sending the obtained verification information to the 
remote host system; 

(3) searching said list in the remote host system to find 
an entry including information matching that 
obtained from the memory device to authorize said 
change; and 

(4) if a match is found, then: (i) generating a change 
command in the local host system for directing the 
memory device to change said available capacity; (ii) 
sending the change command to the memory device; 
and (iii) the memory device executing said change 
command by changing the size of said section. 

17. The method of claim 16, wherein the step of obtaining 
the verification information from the memory device 
includes: (i) sending an inquiry command to the memory 
device requesting said verification information, and (ii) the 
memory device providing said verification information 
including the unique identification information stored 
therein in response. 

18. The method of claim 17, wherein: 

(a) the step of providing said verification information 
includes encoding said verification information; and 

(b) the step of finding a match in the authentication list 
further includes: 

(1) decoding the encoded verification information; and 

(2) comparing the decoded verification information 
with the information in the authentication list entries. 

19. The method of claim 18, further comprising the steps 

of: 

after a match is found, encoding the matching information 
found in the authentication list and sending the encoded 
matching information to the local host, wherein: 

(a) the step of generating the change command includes 
incorporating the encoded information from the 
remote host in the change command; and 

(b) the step of executing the change command includes: 

(1) decoding the encoded information in the change 
command; 

(2) comparing the decoded information with the 
verification information in the memory device; 
and 
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(3) if there is a match then changing the size of said 
section. 

20. The method of claim 16, wherein the memory device 
comprises a data disk drive and the storage medium com- 

5 prises a data disk. 

21. The method of claim 20, wherein the step of changing 
the size of said section includes increasing the size of said 
section, thereby increasing the available capacity of the data 
disk drive for data storage. 

22. The method of claim 20, wherein the step of changing 
the size of said section includes decreasing the size of said 
section, thereby decreasing the available capacity of the hard 
disk drive for data storage. 

23. The method of claim 16, wherein the remote host is 
interconnected to the local host via a network system. 

15 24. The method of claim 16, wherein the memory device 
comprises a tape cartridge and the storage medium com- 
prises a tape. 

25. A capacity control system for securely managing 
available storage capacity of a memory device in a data 

20 processing system, the memory device comprising a data 
storage medium including a preselected section having a 
size representing the available capacity of the memory 
device, and verification information, including identification 
information uniquely identifying the memory device, stored 

25 in the memory device, the capacity control system compris- 
ing: 

(a) a remote host system configured by program instruc- 
tions to perform steps including: 

(1) maintaining an authentication list therein compris- 
30 ing a plurality of entries containing information 

including information uniquely identifying a plural- 
ity of memory devices; 

(2) upon receiving an authentication request for authen- 
ticating verification information of a memory device, 

35 searching said list to find an entry containing infor- 

mation matching that requested; and 

(3) if a match is found, providing validation informa- 
tion in response to said request, otherwise providing 
rejection information in response to said request; 

40 (b) a local host system configured by program instructions 
to perform steps including: 

in response to receipt in the local host system of a 
request for changing the available capacity of the 
memory device: 
45 (1) sending an identification inquiry command to the 

memory device requesting verification informa- 
tion including said unique identification informa- 
tion; 

(2) sending an authentication request command to 
50 the remote host with the verification information 

including the identification information obtained 
from the memory device to authorize said change; 
and 

(3) upon receiving validation information from the 
55 remote host performing steps including: (i) gen- 
erating a change command for directing the 
memory device to change said available capacity; 
and (ii) sending the change command to the 
memory device; and 

60 (c) a logic circuit in the memory device configured by 
program instructions to perform steps including: 
(1) in response to an identification inquiry command, 
providing said verification information stored in the 
memory device; and 
65 (2) in response to a change command, executing steps 
including changing the size of said section of the 
data storage medium. 
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26. The capacity control system of claim 25, wherein: 

(a) the logic circuit program instructions for providing 
said verification information include program instruc- 
tions for encoding said verification information; and 

(b) the remote host system program instructions for 
finding a match in the authentication list further include 
program instructions for: 

(1) decoding the encoded verification information, and 

(2) comparing the decoded verification information 
with the information in the authentication list. 

27. The capacity control system of claim 26, wherein: 

(a) the local host program instructions for generating the 
change command include program instructions for 
incorporating the encoded information from the remote 
host system in the change command; and 

(b) the logic circuit program instructions for executing the 
change command include program instructions for: 

(1) decoding the encoded information in the change 
command; 

(2) comparing the decoded information with the veri- 
fication information in the memory device; and 
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(3) if there is a match, then changing the size of said 
section of the data storage medium. 

28. The capacity control system of claim 25, wherein the 
memory device comprises a data disk drive and the storage 

5 medium comprises a data disk. 

29. The capacity control system of claim 28, wherein 
changing the size of said section includes increasing the size 
of said section, thereby increasing the available capacity of 
the hard disk drive for data storage. 

30. The capacity control system of claim 28, wherein 
changing the size of said section includes decreasing the size 
of said section, thereby decreasing the available capacity of 
the hard disk drive for data storage. 

15 31. The capacity control system of claim 25, wherein the 
remote host is interconnected to the local host via a network 
system. 

32. The capacity control system of claim 25, wherein the 
memory device comprises a tape cartridge and the storage 
20 medium comprises a tape. 
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